Once your blog is back up and running, you may find a flood of comment spam has gotten through. Luckily, Akismet and Spam Karma can help you clean up the mess.

Both Akismet and Spam Karma 2.3 have a feature that goes through your comment list to clean up any missed comment spam. Before beginning the process, ensure you have the latest version of the WordPress Plugins.

Akismet

To recheck your comment list for comment spam with Akismet:

Activate the Akismet Comment Spam Plugin.

Go to Comments > Awaiting Moderation.

To the far right, click the link Recheck Queue for Spam.

Check comments in the Moderation list for comment spam and mark them as spam, and release any false/positives.

Go to the Comments panel to check through the comments to ensure no evil comment spam remains.

If you find that a lot of comment spam is not getting recognized as comment spam by Akismet, use the Mass Edit Mode on the Comments Panel to process your comments by “bulk”.

Spam Karma

To recheck your comment list for comment spam with Spam Karma:

Active the Spam Karma WordPress Plugin>.

Go to Manage > Spam Karma > Approved Comments.

Under Filter, click Invert Checkbox Selection to put a checkbox in all of the visible comment spam.

Leave the settings to Run Selected Entries through all plugins and click Run Selected Entries.

This should sort through and capture any missed comment spam which you can see on the Recent Spam Harvest panel, eliminating them from your database from there.

If any are missed, mark them accordingly and get rid of them.

Even during upgrades and down time, these WordPress Plugins have your back.

Why Disable Plugins?
Many don’t understand why it is important to disable WordPress Plugins during an upgrade. During a security or patch upgrade, it might not matter much, but during a full upgrade, WordPress often makes changes to the database and functions which change how a Plugin interacts with the program. By turning them on one by one, you can determine which ones will play nicely. Turn them all on at the same time and it will take longer to find out which ones don’t work.

WordPress Plugins also interact with the MySQL database. Starting up your WordPress blog after an upgrade with all of your Plugins turned on can be like leaving all the lights and power on in a building after a power outage. The sudden pull of energy can overwhelm the system. Plugins work when needed during the normal activity of a blog, but when all reactivated at one, it might be too much for a shared hosted blog.

The key reason is to find out if the Plugins will work with the new version. Make sure you check for upgraded versions of your WordPress Plugins as part of your upgrade process.

39 Comments

I guess I’ve never bothered to read Upgrading WordPress until now. I’ve never turned off my plugins before upgrading. I guess I’ve been lucky so far then. I’m glad you pointed this out, so next time I’ll upgrade the proper way.

I find Spam Karma with Akismet is redundant. Spam Karma doesn’t block anything that Akismet gets anyway. I find Bad Behavior + Akismet to be a much better combination, and I get over 10,000 spam per month. For me, BB blocks an additional 5,000 per week that never even get to the Akismet spam bucket.

@Alex
The problem with an automated upgrade process lies not with WordPress itself but rather with different hosts and their server configurations. There can be huge differences in hosting packages, permissions, versions of this, that and the other thing to make an automated process not built into the host itself (like Fantastico) very difficult at best. I agree with you though. It would be nice if it were possible. One of the things that can hold back a new WP blogger is the upgrade process. For the uninitiated, it can be pretty daunting. Since I do not modify core files as a rule my upgrade process runs about 20-30 minutes but I enjoy it. I’d rather have complete control of the process but then again I’m wierd that way.

@Adam
I’ve never had to deactivate Akismet for an upgrade. Since the Akismet plugin is basically an interface to the external Akismet servers, I’ve never had a problem leaving it on. Another option is to set all comments to be moderated before the upgrade and switching them back when you’re done.

If anyone see’s anything wrong with the above, feel free to jump all over me.😛

Nerrad: The sandbox tester has nothing to do with upgrades. The new version is slated to have a one click deactivation of Plugins to make the process easier, but the sandbox tester is for testing Plugins before going public, not sandboxing Plugins when upgrading. How would WordPress know you are upgrading in time to sandbox the Plugins?

As for the issue of not using Spam Karma if you are using Akismet, most people use the triple threat protection of Akismet, Spam Karma and Bad Behavior for CYA. If Akismet goes down, Spam Karma is there. And Bad Behavior blocks a lot before they even get to the other two. If you are running a heavily commenting and comment spammed blog, then get all three. If not, than Akismet alone or in combination with Bad Behavior is enough.

if you don’t deactivate your plugsin, and run into problems with your upgrade, you can always just rename your plugins folder (which automatically disables all your plugins). a half an hour is a long time to spend upgrading, every time there’s a new security release. it’s no wonder 98% of wordpress installations are out of date and insecure.

These tips are of no use (useless)What do you do if you do not have SPAM?
Did you ever ask yourself this question?

Do not take this as self advertising, but after I released TruBar 3.0(Lessen) I discovered that people are not interested in stopping SPAM.
They got used to it and kind of started to like it😀
People enjoy themselves to see how their CLEVER weblog is working against SPAM.

I released plugin which stops 100% of the automated SPAM and for three days it was downloaded only 39 times. Remarkable eh?

I would imagine that the advice you offer in this article would only work if you set your comments to be fully moderated prior to starting the upgrade process – otherwise they wouldn’t be in the moderation queue, right?

If you do not have comment spam, you are lucky. People do not like comment spam, and so far, other than the three mentioned systems, which are used by millions of bloggers, I have not seen anything that consistently stops comment spam from public view. Just because they weren’t interested in what you offered, doesn’t mean they like comment spam.

Yes, the upgrade process is painful. The developers are working on a way to make it less so, but with so many custom installations out there, it’s hard to make one shoe fit everyone.

The technique has nothing to do with comments fully moderated or not. Comment spam comes through from the moment of activation and may be caught and put into moderation. WordPress itself moderates comments if they don’t pass the built-in comment filter blacklist and keywords list. You may or may not have any moderated comments.

Comment spam (any type of spam) is real pain. I can’t believe anyone with a blog doesn’t have it. A searching the spam trap is very annoying.

Anyway, if you know of any developer types that are interested in a collaborative project to solve this problem once and for all, please direct them my way. It is quite an edgy project, but it is the only solution.

I’m not lucky, Lorelle, because I had lot of spam.
I just do not accept the standards and I change them.
I’ve deleted Akismet and Spam Karma, installed Trackback Validator + TruBar and the spam stopped.
NO SPAM.
Try to imagine it.

Yes just because people did not install a plugin does not mean that they like spam.
I should say that they don’t mind it.
Still I’m sure that the spam gives you some extra joy related to your importance😉

“Nothing to do with comment moderation”? I may be mistaken but I think Community Building advice is good if you are disabling Akismet or your other spam plugins for upgrading, best to turn on Moderation first if you do not already have it on. Otherwise, the only default moderation that is protecting you is 2 or links.

What WordPress needs is built-in upgrade functionality. The reason WP upgrades stink is because we’re doing a bunch of manual junk that should be automated. WP should have an “Upgrade Now” button that downloads the update, replaces the applicable files, performs the DB changes and turns the plugins back on. If there was one-button upgrade functionality, you can bet more people would be staying up to date. I’m helping a friend upgrade from an ancient copy of 1.5 who hasn’t upgraded because it’s a pain in the rear.

WordPress also needs to come up with a similar way to upgrade plugins. We need some kind of standard for publishing the location of the latest version of a plugin and a way to check for version updates other than visiting a punch of web pages. I know someone had attempted such a thing before, but it still depended on a central repository as opposed to a distributed system.

The only way you’re going to keep people upgrading is to make it simple and quick.

Even when you haven’t blogged in months, you still get spammed. I left my old blog alone for a few months, and would get hits from morons who bypassed Akismet in April, even though my last post at that time was in NOVEMBER!

Lloyd, if WordPress isn’t working during the upgrade, comment moderation will not change anything. It can be on or off. It will help during the few seconds or minutes from the final upgrade to the activation of the Plugins, but it won’t work when WordPress is “off”. The few it might save won’t make much of a difference.

Wendy, Did you upgrade Akismet at the same time? Make sure you did and remember that Akismet “learns as it goes”. There are a LOT of new spammers out there using a variety of new techniques. As soon as you mark them as spam, along with others, the information goes to Akismet and it learns to identify those. This past two weeks this blog has been hit by a ton of new comment spammers. I mark them all and hopefully help the community as I do.😉

It always amazes me how so many people put so much energy into evil. I’d love to see the same kind of energy going towards good and positive so we all benefit and not suffer so much.

And a reminder to everyone. Comment spam typically tracks in through incoming links. It has nothing to do with how active, popular, or any other characteristic of your blog. If you have incoming links, you are open to comment spam.

It would probably be an idea to temporarily disable comments during an upgrade – that way users don’t get deluged with spam, but neither do they suffer the plugin-related upgrade woes that your links describe.

I think the same that Andrew Faulkner, the Plugin that can Automatic Upgrade to a Newest version of WordPress is really nice, but I don’t know if we need to deactivate all plugins too when we’re making the Upgrading.

But, that Plugin is veru useful, you don’t need to touch any part of WordPress pack when you’re doing the Upgrade, just a few clicks, and all done…

Congratulations of your blog, Lorelle, is very nice and a recommended reading for all days😀

I’m not lucky, Lorelle, because I had lot of spam.
I just do not accept the standards and I change them.
I’ve deleted Akismet and Spam Karma, installed Trackback Validator + TruBar and the spam stopped.
NO SPAM.
Try to imagine it.

The only reason your anti-spam plugin is working is that it isn’t widely known. That was one of the earliest techniques used against spambots – the bots now can easily be programmed to get past it.

Were your plugin to become widely used, it would become widely useless, just like the dozens of plugins like it already are. Sorry, but you haven’t invented something new.

Lorelle, “if WordPress isn’t working during the upgrade, comment moderation will not change anything. It can be on or off.” Your assertion is not founded in any of my experiences, why would you assume that a “broken upgrade” would affect comment moderation in this way. Community Building, still seems like a good suggestion to me.

I know of no reason to disable Akismet or other spam protection plugins during upgrade.

Built-in comment moderation works when WordPress works. Right? Or does it magically work even though your WordPress blog is not working?😉 And if your blog is down, failing to provide instructions to keep Askimet working as a Plugin, does it still keep working? That, I don’t have the answer for yet, though I’ve been trying.

I’ve had several experiences where a Plugin, even a comment spam fighting Plugin, broke my WordPress Theme or caused trauma getting back into the Administration Panels because I didn’t turn off all the Plugins during the upgrade.

If a user wants to risk it, then do so. It’s their blog and the instructions are there for a very good reason. Removing the 2-20 comment spam that might get through is a minor hassle compared with determining which Plugin broke your blog.

Still, if the user does not follow that part of the instructions, and I speak from a few years of experience with this, be prepared to turn them off by renaming the Plugins folder or moving them out of the Plugins folder in order to get WordPress working again, if it doesn’t. If nothing goes bork in the blog, rejoice. You got lucky this time.😀

Just curious to know if anyone else uses the Bannage plugin alongside Askimet.

I find Askimet stops plenty of Spam, but I began to notice repeat offenders and found that I was just going over old ground deleting there new posts, but since I’ve added the Bannage Plugin, I just copy there ip address into the Plugins Options and then delete there comments and since then I’ve not had any repeat offenders.

Also curious as to whether anyone’s thought about setting up a source where us WordPress users can post up IP Address’s of persistent Spammers so people like myself who use Bannage can add these to the Banned IP Address’s we already have blocked.

Lists comes and go, and spammers change IP addresses like underwear, so it isn’t an effective, and can be a time consuming, option. Akismet tracks the IP addresses as part of their overall protection, and blocks accordingly.

Remember, Akismet works because users report comment spam. If you don’t mark it as comment spam, how will it know that a comment needs to be blocked for everyone? It’s a community participation thing.😀

I’ve had Spam Karma crash during upgrades if I left it activated. I’ve also had Bad Behavior do some wonky things, but usually in conflict with another Plugin, not during an upgrade. After too many lessons with other Plugins borking the site’s ability to return to “normal” after an upgrade, and knowing how important comment spam fighting tools are, I now make sure I have the latest version of all my comment spam fighting Plugins before beginning the upgrade, as well as the other Plugins I depend upon.

On the assumption you make, I didn’t say that, nor think that, but many probably do. I do know that while WordPress has become more robust, it takes one glitch in a Plugin or “improvements” WordPress makes to make the white screen of death or “Database Error” page appear to the public and to me trying to access my blog after an upgrade. Thus, this veteran knows to turn off everything before upgrading. The few comment spam that slip through are nothing compared to the white screen of death.

While some things maybe running in the background, they aren’t if I turned them off in order to avoid the bork in the blog. After the “clean” upgrade is tested, I turn on each Plugin one at a time to make sure it plays nicely. That’s the time consuming bit of an upgrade for me.

It’s really frustrating to hear that so many popular Plugins don’t work now with the new version of WordPress and that there isn’t a security patch to protect those who don’t want to lose access to those Plugins by upgrading. The loss of Customizable Post Listings is very disappointing as I’ve been relying upon that fabulous Plugin for three years or more…can’t remember. Got it as soon as it came out. That’s a long time and it’s become like family.

It takes some time so be patient, and be sure and mark all those that get through as spam, not delete. This adds the information to the community database so all benefit.

There is no perfect spam proof program. Spammers work overtime to get through, and luckily, Akismet learns as you use it. Some days, I get 1-3% through and other days I get none, but some always gets through. When applied to 700 comment spam that attack my blog in ONE DAY, I can live with the 3-5 that gets through. Can’t you? Much better than the alternative. Just give it a little more time.

On one of my domains I had 4 separate wordpress blogs and I was getting 30 -40 spam comments per day, I didn’t want to turn the comments off so I kept on and just deleted the rubbish, but it was driving me crazy, I then downloaded the plugin SI CAPTCHA Anti-Spam from wordpress and it all stopped.
Worth a try guys it worked for me.

I cannot recommend enough that you rethink the CAPTCHA. They have been proven repeatedly to only work for a short time and many will not comment on a blog with them. There are better solutions, including using Akismet and moderation and faster and easier monitoring techniques such as blog comments feeds.

9 Trackbacks/Pingbacks

[…] Lorelle on WordPress wrote an interesting article on deactivating plugins before an upgrade and checking for comment spam immediately afterwards. I didn’t have that specific problem. My problem was that my connection died while I was uploading the files. My plugins worked the first time I activated and I didn’t find any extra spam. It had to be dumb luck.[…]

[…] Comment Spammers Never Stop, Even When Your Blog is Down engtech blogs regularly at Internet Duct Tape. His latest posts were Blog Tip: Creating a Blog Maintenance Start Page with Netvibes, Only Two Days Left to Win Graphic Design Services for Your Blog, and 9 Techniques to Promoting Your Social Web ApplicationSubscribe to Internet Duct Tape by RSS or by email This entry was written by engtech and posted on September 25, 2007 at 10:18 am and filed under WordPress Tips, WordPressdotcom with tags akismet, akismet auntie spam, comments, spam, wordpress.com, wordpress.com tips. Bookmark the permalink. Follow any comments here with the RSS feed for this post. Post a comment or leave a trackback: Trackback URL. « Converting a Newsletter Into a Blog […]

[…] Comment Spammers Never Stop, Even When Your Blog is Down continues to bring in a lot of traffic, which is very interesting to me. If your blog is down, of course spammers are going to keep attacking. They never stop. So I wonder why this was such a surprise and of such interest to so many? Logical to me. Fortunately, most people are back up and running with a WordPress upgrade in less than 30 minutes, often within 5-10 minutes, so few get through and it’s easily managed if they do. It’s nothing to worry about, just something you should know. […]